clearance 2.6.2 → 2.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 830820687a4cbb2e63c535692a8bbc1bfee75f747ef351362df0142317251e56
-  data.tar.gz: 559bc151b6cf7669f13c113c16e4275dbd687fe4c3daf77bb17e288bd982548e
+  metadata.gz: f43e65fb98c36167f024899806818f771cabf396d1c1e147f4a21d1bdccb37dd
+  data.tar.gz: 42a88e8b50b98b5414b923fda5775e1998223791ffe2fcee00ca03163c7f9a50
 SHA512:
-  metadata.gz: d68f58f9428536f29d68348baaa4e616bd39f713933e986bff2977f5afce6d1fdf42a783f475de869d564a384b1414e737b2e34e63bf8bdb35dee53a1e234bf6
-  data.tar.gz: 26f780a332edc0358289d87e924749078366d08e9490574e7a5943a61abbe19f16a4cd13dc947f10bddf6733aff3c405aa2e94e33787dd618b9218dd3cc334cb
+  metadata.gz: 680e0a4d6cebe218f7d8fffeadebcdcd9a160cb9a562a5cef3f876ad118556d4caa4338b40e3dd0135e3ee89e47a8034593d6131ee8eeb4ec7f47062b1aafe3a
+  data.tar.gz: cbc137fa5f3f722f28f99c1537909ed27b3b54e5df3aee37b4c7954e2b3e6c452a900f034239072196796171703eb27c3e859edc69b08bb35762bd260f0253a4

data/.github/workflows/dynamic-readme.yml

@@ -0,0 +1,19 @@
+name: update-templates
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - README.md
+  workflow_dispatch:
+
+jobs:
+  update-templates:
+    permissions:
+      contents: write
+      pull-requests: write
+      pages: write
+    uses: thoughtbot/templates/.github/workflows/dynamic-readme.yaml@main
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}

data/.github/workflows/tests.yml

@@ -16,12 +16,10 @@ jobs:
       fail-fast: false
       matrix:
         gemfile:
-          - "6.0"
           - "6.1"
           - "7.0"
           - "7.1"
         ruby:
-          - "2.7.6"
           - "3.0.4"
           - "3.1.2"
           - "3.2.2"

data/Appraisals

@@ -1,9 +1,3 @@
-appraise "rails_6.0" do
-  gem "railties", "~> 6.0.0"
-  gem "net-smtp", require: false # not bundled in ruby 3.1
-  gem "psych", "< 4" # psych 4 switched from unsafe load to safe load
-end
-
 appraise "rails_6.1" do
   gem "railties", "~> 6.1.0"
   gem "net-smtp", require: false # not bundled in ruby 3.1

data/CHANGELOG.md

@@ -5,9 +5,17 @@ complete changelog, see the git history for each version via the version links.
 
 ## [Unreleased]
 
-[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.6.2...main
+[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.7.0...main
 
-## [2.6.2] January 15, 2024
+## [2.7.0] - April 19, 2024
+- Call dynamic README workflow (#1004)
+- Drop Ruby 2.76 and Rails 6.0 (#1005)
+- Update specs to match on translations (#1015)
+- Add configuration options for failure method redirects (#1002) Dan Sharp
+
+[2.7.0]: https://github.com/thoughtbot/clearance/compare/v2.6.2...v2.7.0
+
+## [2.6.2] - January 15, 2024
 - Fix typo in Clearance::Token docs (#1000) Gabe Berke-Williams
 - Add CODEOWNERS file (#994)
 - Add support for Rails 7.1 (#995) Samuel Giddens
@@ -20,6 +28,8 @@ deprecated active record handling in application.rb (#998)
 - Replace mentions of NEWS.md with CHANGELOG.md (#982)
 - Fix broken thoughtbot logo on README.md
 
+[2.6.2]: https://github.com/thoughtbot/clearance/compare/v2.6.1...v2.6.2
+
 ## [2.6.1] - September 23, 2022
 - Document how to report security issues
 - Only update the `env["QUERY_STRING"]` if the `as` parameter is present in

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    clearance (2.6.2)
+    clearance (2.7.0)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)
@@ -110,8 +110,8 @@ GEM
       factory_bot (~> 6.2.0)
       railties (>= 5.0.0)
     ffi (1.16.3)
-    ffi-compiler (1.0.1)
-      ffi (>= 1.0.0)
+    ffi-compiler (1.3.2)
+      ffi (>= 1.15.5)
       rake
     globalid (1.2.1)
       activesupport (>= 6.1)
@@ -131,14 +131,14 @@ GEM
     mini_mime (1.1.2)
     mini_portile2 (2.8.0)
     minitest (5.15.0)
-    net-imap (0.4.9)
+    net-imap (0.4.10)
       date
       net-protocol
     net-pop (0.1.2)
       net-protocol
     net-protocol (0.2.2)
       timeout
-    net-smtp (0.4.0)
+    net-smtp (0.5.0)
       net-protocol
     nokogiri (1.13.6)
       mini_portile2 (~> 2.8.0)
@@ -171,7 +171,7 @@ GEM
       thor (~> 1.0)
       zeitwerk (~> 2.5)
     rainbow (3.1.1)
-    rake (13.0.6)
+    rake (13.1.0)
     regexp_parser (2.5.0)
     rexml (3.2.5)
     rspec-core (3.11.0)

data/README.md

@@ -19,7 +19,7 @@ monitored by contributors.
 
 ## Getting Started
 
-Clearance is a Rails engine tested against Rails `>= 6.0` and Ruby `>= 2.7.0`.
+Clearance is a Rails engine tested against Rails `>= 6.1` and Ruby `>= 3.0.0`.
 
 You can add it to your Gemfile with:
 
@@ -59,6 +59,8 @@ Clearance.configure do |config|
   config.mailer_sender = "reply@example.com"
   config.password_strategy = Clearance::PasswordStrategies::BCrypt
   config.redirect_url = "/"
+  config.url_after_destroy = nil
+  config.url_after_denied_access_when_signed_out = nil
   config.rotate_csrf_on_sign_in = true
   config.same_site = nil
   config.secure_cookie = false
@@ -222,8 +224,16 @@ These "failure" methods are called for signed out sessions:
 - `application#url_after_denied_access_when_signed_out`
 - `sessions#url_after_destroy`
 
-They both default to `sign_in_url`. Override this method to change both of their
-behavior, or override them individually to just change one.
+You can override the appropriate method in your subclassed controller or you
+can set a configuration value for either of these URLs:
+
+- `Clearance.configuration.url_after_denied_access_when_signed_out`
+- `Clearance.configuration.url_after_destroy`
+
+Both configurations default to `nil` and if not set will default to
+`sign_in_url` in `sessions_controller.rb` and `authorization.rb` for backwards
+compatibility.
+
 
 ### Views
 
@@ -481,21 +491,10 @@ For security issues it's better to contact <security@thoughtbot.com> (See <https
 
 ## License
 
-Clearance is copyright © 2009-2019 thoughtbot. It is free software, and may be
+Clearance is copyright © 2009 thoughtbot. It is free software, and may be
 redistributed under the terms specified in the [`LICENSE`] file.
 
 [`LICENSE`]: /LICENSE
 
-## About thoughtbot
-
-![thoughtbot](https://thoughtbot.com/brand_assets/93:44.svg)
-
-Clearance is maintained and funded by thoughtbot, inc.
-The names and logos for thoughtbot are trademarks of thoughtbot, inc.
-
-We love open source software!
-See [our other projects][community] or
-[hire us][hire] to design, develop, and grow your product.
-
-[community]: https://thoughtbot.com/community?utm_source=github
-[hire]: https://thoughtbot.com/hire-us?utm_source=github
+<!-- START /templates/footer.md -->
+<!-- END /templates/footer.md -->

data/app/controllers/clearance/sessions_controller.rb

@@ -37,7 +37,7 @@ class Clearance::SessionsController < Clearance::BaseController
   end
 
   def url_after_destroy
-    sign_in_url
+    Clearance.configuration.url_after_destroy || sign_in_url
   end
 
   def url_for_signed_in_users

data/lib/clearance/authorization.rb

@@ -114,7 +114,7 @@ module Clearance
     #
     # @return [String]
     def url_after_denied_access_when_signed_out
-      sign_in_url
+      Clearance.configuration.url_after_denied_access_when_signed_out || sign_in_url
     end
   end
 end

data/lib/clearance/configuration.rb

@@ -68,6 +68,20 @@ module Clearance
     # @return [String]
     attr_accessor :redirect_url
 
+    # The default path Clearance will redirect signed out users to.
+    # Defaults to `nil` so that the controller will use `sign_in_url`
+    # for backwards compatibility. This can be set here instead of overriding
+    # the method via an overridden session controller.
+    # @return [String]
+    attr_accessor :url_after_destroy
+
+    # The default path Clearance will redirect non-users to when denied access.
+    # Defaults to `nil` so that the authorization module will use `sign_in_url`
+    # for backwards compatibility. This can be set here instead of overriding
+    # the method via an overridden authorization module.
+    # @return [String]
+    attr_accessor :url_after_denied_access_when_signed_out
+
     # Controls whether Clearance will rotate the CSRF token on sign in.
     # Defaults to `nil` which generates a warning. Will default to true in
     # Clearance 2.0.
@@ -140,6 +154,8 @@ module Clearance
       @same_site = nil
       @mailer_sender = 'reply@example.com'
       @redirect_url = '/'
+      @url_after_destroy = nil
+      @url_after_denied_access_when_signed_out = nil
       @rotate_csrf_on_sign_in = true
       @routes = true
       @secure_cookie = false

data/lib/clearance/version.rb

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = "2.6.2".freeze
+  VERSION = "2.7.0".freeze
 end

data/spec/configuration_spec.rb

@@ -109,6 +109,34 @@ describe Clearance::Configuration do
     end
   end
 
+  context "when no url_after_destroy value specified" do
+    it "returns nil as the default" do
+      expect(Clearance::Configuration.new.url_after_destroy).to be_nil
+    end
+  end
+
+  context "when url_after_destroy value is specified" do
+    it "returns the url_after_destroy value" do
+      Clearance.configure { |config| config.url_after_destroy = "/redirect" }
+
+      expect(Clearance.configuration.url_after_destroy).to eq "/redirect"
+    end
+  end
+
+  context "when no url_after_denied_access_when_signed_out value specified" do
+    it "returns nil as the default" do
+      expect(Clearance::Configuration.new.url_after_denied_access_when_signed_out).to be_nil
+    end
+  end
+
+  context "when url_after_denied_access_when_signed_out value is specified" do
+    it "returns the url_after_denied_access_when_signed_out value" do
+      Clearance.configure { |config| config.url_after_denied_access_when_signed_out = "/redirect" }
+
+      expect(Clearance.configuration.url_after_denied_access_when_signed_out).to eq "/redirect"
+    end
+  end
+
   context "when specifying sign in guards" do
     it "returns the stack with added guards" do
       DummyGuard = Class.new

data/spec/controllers/passwords_controller_spec.rb

@@ -33,7 +33,7 @@ describe Clearance::PasswordsController do
         }
 
         email = ActionMailer::Base.deliveries.last
-        expect(email.subject).to match(/change your password/i)
+        expect(email.subject).to match(translated_string("passwords.edit.title"))
       end
 
       it "re-renders the page when turbo is enabled" do
@@ -53,7 +53,7 @@ describe Clearance::PasswordsController do
           password: {},
         }
 
-        expect(flash.now[:alert]).to match(/email can't be blank/i)
+        expect(flash.now[:alert]).to match(translated_string("flashes.failure_when_missing_email"))
         expect(response).to render_template(:new)
       end
 
@@ -74,7 +74,7 @@ describe Clearance::PasswordsController do
           },
         }
 
-        expect(flash.now[:alert]).to match(/email can't be blank/i)
+        expect(flash.now[:alert]).to match(translated_string("flashes.failure_when_missing_email"))
         expect(response).to render_template(:new)
       end
 
@@ -164,7 +164,7 @@ describe Clearance::PasswordsController do
         }
 
         expect(response).to render_template(:new)
-        expect(flash.now[:alert]).to match(/double check the URL/i)
+        expect(flash.now[:alert]).to match(translated_string("flashes.failure_when_forbidden"))
       end
     end
 
@@ -178,7 +178,7 @@ describe Clearance::PasswordsController do
         }
 
         expect(response).to render_template(:new)
-        expect(flash.now[:alert]).to match(/double check the URL/i)
+        expect(flash.now[:alert]).to match(translated_string("flashes.failure_when_forbidden"))
       end
     end
 
@@ -278,7 +278,7 @@ describe Clearance::PasswordsController do
           new_password: "",
         )
 
-        expect(flash.now[:alert]).to match(/password can't be blank/i)
+        expect(flash.now[:alert]).to match(translated_string("flashes.failure_after_update"))
         expect(response).to have_http_status(:unprocessable_entity)
         expect(response).to render_template(:edit)
       end

data/spec/controllers/permissions_controller_spec.rb

@@ -58,7 +58,7 @@ describe PermissionsController do
     it "denies access to show and display a flash message" do
       get :show
 
-      expect(flash[:alert]).to match(/^Please sign in to continue/)
+      expect(flash[:alert]).to match(translated_string("flashes.failure_when_not_signed_in"))
     end
   end
 

data/spec/controllers/sessions_controller_spec.rb

@@ -41,7 +41,7 @@ describe Clearance::SessionsController do
         }
 
         expect(response).to render_template(:new)
-        expect(flash[:alert]).to match(/^Bad email or password/)
+        expect(flash[:alert]).to match(translated_string("flashes.failure_after_create"))
       end
     end
 
@@ -118,6 +118,12 @@ describe Clearance::SessionsController do
   end
 
   describe "on DELETE to #destroy" do
+    let(:configured_redirect_url) { nil }
+
+    before do
+      Clearance.configure { |config| config.url_after_destroy = configured_redirect_url }
+    end
+
     context "given a signed out user" do
       before do
         sign_out
@@ -126,6 +132,12 @@ describe Clearance::SessionsController do
 
       it { should redirect_to_url_after_destroy }
       it { expect(response).to have_http_status(:see_other) }
+
+      context "when the custom redirect URL is set" do
+        let(:configured_redirect_url) { "/redirected" }
+
+        it { should redirect_to(configured_redirect_url) }
+      end
     end
 
     context "with a cookie" do
@@ -145,6 +157,12 @@ describe Clearance::SessionsController do
       it "should unset the current user" do
         expect(request.env[:clearance].current_user).to be_nil
       end
+
+      context "when the custom redirect URL is set" do
+        let(:configured_redirect_url) { "/redirected" }
+
+        it { should redirect_to(configured_redirect_url) }
+      end
     end
   end
 end

data/spec/support/html_escape_helper.rb

@@ -0,0 +1,13 @@
+module HTMLEscapeHelper
+  def translated_string(key)
+    if Rails.version >= "7.0"
+      ERB::Util.html_escape_once(I18n.t(key))
+    else
+      I18n.t(key)
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include HTMLEscapeHelper
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 2.6.2
+  version: 2.7.0
 platform: ruby
 authors:
 - Dan Croak
@@ -26,7 +26,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-15 00:00:00.000000000 Z
+date: 2024-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -146,6 +146,7 @@ extra_rdoc_files:
 - README.md
 files:
 - ".erb-lint.yml"
+- ".github/workflows/dynamic-readme.yml"
 - ".github/workflows/tests.yml"
 - ".gitignore"
 - ".yardopts"
@@ -182,10 +183,6 @@ files:
 - config/routes.rb
 - db/migrate/20110111224543_create_clearance_users.rb
 - db/schema.rb
-- gemfiles/rails_5.0.gemfile
-- gemfiles/rails_5.1.gemfile
-- gemfiles/rails_5.2.gemfile
-- gemfiles/rails_6.0.gemfile
 - gemfiles/rails_6.1.gemfile
 - gemfiles/rails_7.0.gemfile
 - gemfiles/rails_7.1.gemfile
@@ -294,6 +291,7 @@ files:
 - spec/support/fake_model_with_password_strategy.rb
 - spec/support/fake_model_without_password_strategy.rb
 - spec/support/generator_spec_helpers.rb
+- spec/support/html_escape_helper.rb
 - spec/support/request_with_remember_token.rb
 - spec/views/view_helpers_spec.rb
 homepage: https://github.com/thoughtbot/clearance
@@ -316,7 +314,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Rails authentication & authorization with email & password.

data/gemfiles/rails_5.0.gemfile

@@ -1,21 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "addressable"
-gem "ammeter"
-gem "appraisal"
-gem "capybara", ">= 2.6.2", "< 3.33.0"
-gem "database_cleaner"
-gem "erb_lint", require: false
-gem "factory_bot_rails"
-gem "nokogiri"
-gem "pry", require: false
-gem "rails-controller-testing"
-gem "rspec-rails", "~> 3.1"
-gem "shoulda-matchers"
-gem "sqlite3", "~> 1.3.13"
-gem "timecop"
-gem "railties", "~> 5.0"
-
-gemspec path: "../"

data/gemfiles/rails_5.1.gemfile

@@ -1,21 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "addressable"
-gem "ammeter"
-gem "appraisal"
-gem "capybara"
-gem "database_cleaner"
-gem "erb_lint", require: false
-gem "factory_bot_rails"
-gem "nokogiri"
-gem "pry", require: false
-gem "rails-controller-testing"
-gem "rspec-rails"
-gem "shoulda-matchers"
-gem "sqlite3"
-gem "timecop"
-gem "railties", "~> 5.1"
-
-gemspec path: "../"

data/gemfiles/rails_5.2.gemfile

@@ -1,21 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "addressable"
-gem "ammeter"
-gem "appraisal"
-gem "capybara"
-gem "database_cleaner"
-gem "erb_lint", require: false
-gem "factory_bot_rails"
-gem "nokogiri"
-gem "pry", require: false
-gem "rails-controller-testing"
-gem "rspec-rails"
-gem "shoulda-matchers"
-gem "sqlite3"
-gem "timecop"
-gem "railties", "~> 5.2"
-
-gemspec path: "../"

data/gemfiles/rails_6.0.gemfile

@@ -1,23 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "addressable"
-gem "ammeter"
-gem "appraisal"
-gem "capybara"
-gem "database_cleaner"
-gem "erb_lint", require: false
-gem "factory_bot_rails"
-gem "nokogiri"
-gem "pry", require: false
-gem "rails-controller-testing"
-gem "rspec-rails"
-gem "shoulda-matchers"
-gem "sqlite3"
-gem "timecop"
-gem "railties", "~> 6.0.0"
-gem "net-smtp", require: false
-gem "psych", "< 4"
-
-gemspec path: "../"